Last week we released an advisory for a vulnerability discovered in the RiskNet Acquirer application. This software is a fraud management solution developed to protect major financial institutions including banks and payment processors.
RiskNet Acquirer is what we often refer to as a "thick client". This particular thick client communicated with exposed web services that in-turn interacted with a database on the backend. The communication with the web services utilised transport layer encryption. We used a tool called Echo Mirage to hook into the application and find out exactly what information is sent and received "under the hood" (inside of the encrypted tunnel) and to get a general picture of how things work together.